[Secure-testing-commits] r43794 - data/CVE

Fri, 05 Aug 2016 13:34:52 -0700 

Author: jmm
Date: 2016-08-05 20:34:20 +0000 (Fri, 05 Aug 2016)
New Revision: 43794

Modified:
   data/CVE/list
Log:
erlang unimportant
gdk-pixbuf, cakephp no-dsa


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2016-08-05 20:30:34 UTC (rev 43793)
+++ data/CVE/list       2016-08-05 20:34:20 UTC (rev 43794)
@@ -1116,9 +1116,9 @@
        RESERVED
 CVE-2016-1000107
        RESERVED
-       - erlang <unfixed>
+       - erlang <unfixed> (unimportant)
        NOTE: https://bugs.erlang.org/browse/ERL-198
-       TODO: check
+       NOTE: No part of Erlang does set HTTP_PROXY based on a Proxy: header, 
just hardening
 CVE-2016-1000106
        RESERVED
 CVE-2016-1000105
@@ -1280,6 +1280,7 @@
 CVE-2016-6352 [Write out-of-bounds]
        RESERVED
        - gdk-pixbuf <unfixed> (bug #832496)
+       [jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed along in a 
future DSA)
        [wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
        NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
@@ -21471,6 +21472,7 @@
        NOTE: original ubuntu bug: 
https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
 CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers 
to ...)
        - cakephp 2.8.0-1 (bug #832316)
+       [jessie] - cakephp <no-dsa> (Minor issue)
        NOTE: http://karmainsecurity.com/KIS-2016-01
        NOTE: 
https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
 CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka 
shellinabox) ...)
@@ -23365,6 +23367,7 @@
        NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
 CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
        - cakephp 2.6.7-1 (bug #832283)
+       [jessie] - cakephp <no-dsa> (Minor issue)
        [wheezy] - cakephp 1.3.15-1+deb7u1
        [squeeze] - cakephp 1.3.2-1.1+deb6u11
        NOTE: Workaround entry for DLA-333-1 and DLA-566-1 until/if CVE assigned


_______________________________________________
Secure-testing-commits mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to